
Tristan Fincken
Junior Editor

VMware patches security vulnerability twice

News
23 Oct 2024 | 2 mins
Cyberattacks, Vulnerabilities, Zero-Day Vulnerabilities

VMware fixes remote code execution vulnerability in vCenter twice within a few months.


Mistakes can occur, but when the same problem occurs several times in a row, there may be a deeper problem. This is the case with VMware, which had to publish a patch for the same security vulnerability for the second time in just a few months.

Heap overflow found in VMware vCenter

This patch is intended to fix a dangerous vulnerability in the company’s vCenter server platform. The remote code execution vulnerability was first documented and exploited in June during a Chinese hacking competition.

A few days ago, however, the company had to admit in a statement that the vCenter patches released on September 17, 2024 did not completely close the security vulnerability CVE-2024-38812.

The vulnerability is a heap overflow in the implementation of the DCERPC (Distributed Computing Environment / Remote Procedure Call) protocol in vCenter Server. An attacker with network access to vCenter Server can trigger it by sending a specially crafted network packet, which can then lead to remote code execution. That is why the vulnerability is so dangerous and carries a CVSS severity rating of 9.8/10.

Hackers from China found the vulnerability

When the first patch was released in September 2024, VMware attributed the discovery of the issues to research teams participating in the 2024 Matrix Cup, a hacking competition in China that uncovers zero-days in major operating system platforms, smartphones, enterprise software, browsers and security products.

The Matrix Cup competition took place in June 2024 and is sponsored by Chinese cybersecurity firm Qihoo 360 and Beijing Huayun’an Information Technology.

Under Chinese law, zero-day vulnerabilities found by citizens must be immediately reported to the government. The details of a security vulnerability may not be sold or shared with anyone other than the manufacturer of the product.

Not the only recent mishap

The new patch for vCenter Server also covers vulnerability CVE-2024-38813, an escalation of privilege flaw with a CVSS severity of 7.5/10. VMware warned that a malicious actor with network access to vCenter Server could exploit this vulnerability to escalate privileges to root, again by sending a specially crafted network packet.